Volume 7, Edition 7, July 2011
 

This Month’s Challenge is sponsored by:


  		 
 
Text Box:

Correct!

ANSWER: B. In addition to factors A, C, and D, relevant penalty considerations include whether there was a serious contravention by the data controller and whether the contravention is of a kind likely to cause substantial damage or substantial distress.

Under United Kingdom data privacy law as recently amended, a penalty of up to £500,000 ($1,000,000) may be imposed per occurrence against a company for a data breach. Which one of the following is not a factor that is considered in determining severity of the penalty?

A. Whether the contravention was deliberate;

B. Whether the data controller previously registered with applicable EU Privacy Authority;

C. Whether the data controller knew or ought to have known that there was a risk that the contravention would occur and of a kind likely to cause substantial damage or substantial distress;

D. Whether the data controller took reasonable steps to prevent the contravention.




 

Disclaimer Statement: All information presented is for information purposes only and is not intended to provide professional or legal advise regarding actions to take in any situation. Advertisements are presented for information and marketing purposes only and the National Institute for Prevention of Workplace Violence, Inc. makes no representations for any products or services that are promoted and accepts no responsibility for any actions or consequences that occur as a result of any purchases from advertisers.